Introduction
Welcome Dev Enthusiasts! In this blog, I will take you through the journey of developing FreeShare, a free online file shar...
Seems like a 5 digit pin would be easy for a hacker to guess, or provide by a DDoS attack, have you protected against that?
I know about it. It's only for single use only. Therefore if user uploads the file and then intended user downloads it, it will automatically delete all the related files, metadata and everything from the db.
Yeah it's just someone could get it before the intended recipient etc. I can see the attraction of a 5 digit pin for ease of entry, just 100k combinations seems like too few.
You could ban IP addresses that get the wrong PIN more than x times (say 5) for a number of minutes.
You could rate limit IP addresses to x calls a minute.
You could make your PINs be alpha numeric. A 4 digit A-Z0-9 PIN would have 4.5x more combinations, a 5 digit PIN like this would have 118x more.
Also, at present you are using Math.random() - this is a sequence that is well known by hackers - by creating a few links of their own they'd have a good chance of working out the previous and subsequent PINs you were creating with minimal effort - this would negate all of these strategies. You should use a cryptographically secure method of generating randoms when used for purposes like this.
One more thought, you could use a What Three Words type of approach and give people a 3 or 4 word phrase - very very hard to guess by brute force (unless your candidate word list is in the open), quite easy to remember and a large number of combinations with just a few dozen words.
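The suggestions in the comment above (an A-Z0-9 PIN, a cryptographically secure generator instead of Math.random(), and a temporary per-IP ban after repeated wrong PINs) can be combined as in the following added example. It is not part of the thread and not FreeShare's code; the names `generatePin` and `createPinGuard`, the in-memory `Map`, and the default limits are assumptions.

```javascript
// Added example: names and defaults here are assumptions, not FreeShare's code.
// Web Crypto is global in browsers and recent Node; older Node needs the require.
const secureRandom = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';

// Draw each character from the CSPRNG. Bytes >= 252 are rejected so that
// every symbol is equally likely (256 is not a multiple of 36).
function generatePin(length = 5) {
  const limit = 256 - (256 % ALPHABET.length);
  const byte = new Uint8Array(1);
  let pin = '';
  while (pin.length < length) {
    secureRandom.getRandomValues(byte);
    if (byte[0] < limit) pin += ALPHABET[byte[0] % ALPHABET.length];
  }
  return pin;
}

// Per-IP guard: after maxFailures wrong PINs the address is locked out
// for lockMs, and even a correct PIN is refused until the lock expires.
function createPinGuard({ maxFailures = 5, lockMs = 5 * 60 * 1000 } = {}) {
  const state = new Map(); // ip -> { failures, lockedUntil }
  return function check(ip, suppliedPin, expectedPin, now = Date.now()) {
    const entry = state.get(ip) ?? { failures: 0, lockedUntil: 0 };
    if (now < entry.lockedUntil) return 'locked';
    if (suppliedPin === expectedPin) {
      state.delete(ip);
      return 'ok';
    }
    entry.failures += 1;
    if (entry.failures >= maxFailures) {
      entry.lockedUntil = now + lockMs;
      entry.failures = 0;
    }
    state.set(ip, entry);
    return 'wrong';
  };
}
```

On a multi-instance or serverless deployment the failure counters would have to live in a shared store rather than in process memory, otherwise each instance grants its own set of attempts.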
Yeah sure I will surely try to implement. Thanks for your valuable feedback.
Good luck with it, looks like a very cool project :)
Thanks
But if you have any suggestions I am open to it. And will try to implement it for sure.
I have my own similar project created with Vanilla JavaScript. It doesn't use any storage at all. It uses WebRTC and unique names to send files from one computer to the other directly. I use it all the time when I want to send files from one laptop to another or send them to my phone.
jcubic / webrtc-share
Application for sharing files using WebRTC
License
Released with GNU AGPL 3 license
Copyright (C) 2019 Jakub T. Jankiewicz <jcubic.pl>
It's a great project. I am also developing a similar one using WebRTC but it's still in development. But the main disadvantage is that the receiving side should also be ready for sending the files.
great article and interesting project!
Yeah please check it out and your feedback is valuable to me freeshare.vercel.app/
dude this is amazing.
it would be nice if instead of having to input the id in the form, you can just share a url which automatically links to a file.
also maybe change the download file button to view file since users may misunderstand that button and believe that they are about to download the file instead of opening it in a new tab
Yes, thanks for the feedback. About downloading in the same tab, the problem with this is that my storage and website are hosted on different networks or platforms, thus it is impossible to download it in the same tab; it will always open in a new tab. This is the same problem I got in my previous project too.
i don't think it's important to have a download button since if you have a file opened in a tab you can automatically download it
Good explanation will implement this
Check out 'croc'. Your solution sounds similar to Firefox Send (or its nowadays forks). 'croc' approach is far more superior
Sure!!
Good luck, looks like a very cool project :)
Thank You !!
Fantabulous
Thank You!!
Wow, it is a very great blog. I am new to dev, still it is quality content. I am gonna use freeshare everyday now.
Thank you so much, I am grateful for your kind words
Nice Project Dude
Thank You